When developers install a new npm package, the conversation usually sounds like this:

"It's only one dependency."

Five minutes later, the project has hundreds of additional transitive dependencies, a noticeably larger JavaScript bundle, slower page loads, and a growing maintenance burden.

The problem isn't simply technical.

It's financial.